Closed Loop Governance

The diagram below shows the relationships between SOA governance, security and management, demonstrating how SOA Policy Management forms a closed loop of policy, metrics, and audit.

The alternative to a closed-loop solution is a set of stand-alone applications for governance, management and security. These solutions may offer loose integration, but we have yet to identify a single organization that has successfully integrated stand-alone solutions in a production environment.

On one hand, stand-alone run-time solutions don’t deliver higher-value design-time or governance capabilities. They require central policy management, don’t offer developer or architect services, and have no understanding of the relationship between a provider and a consumer.

On the other hand, design-time and governance solutions can only deliver value when they are built on a run-time foundation. They require a run-time solution to enforce policies; they need the run-time to provide statistics and metrics for demand, capacity, and value monitoring; and they also need the run-time to provide an audit trail to ensure that messages comply with defined policies.

Closed loop means:

Defining and managing actionable policies in a governance solution at design-time

Enforcing these policies via deep integration with a management solution at run-time

Auditing that these policies are being enforced

Using industry standards (WS-Policy, WS-MEX) where appropriate for information exchange

Closed-loop infrastructure enables demand and value management:

Collect performance, usage and exception statistics at run-time

Track these statistics via the governance solution

Use live, audited information to drive value-based decisions about the effectiveness of different services and organizations

Provide developers with up-to-the-minute information about a service at run-time to inform their decisions about which services to use

Manage supply and demand to ensure maximum efficiency and benefit from SOA

The products share a common registry and metadata repository to ensure seamless integration and offer active governance. Closed-loop governance will:

Ensure defined policies are enforced

When you define a policy for a service you have to KNOW categorically that it is being enforced

Generate audit trails for run-time and design-time policy compliance

Measure the real-world value of SOA

Not just theoretical value

How many applications are using each service, and how much they are using it

NOT how many applications have asked to use a certain capacity of each service

Manage, monitor and control relationships between consumers and providers